{"id":"CVE-2023-5717","details":"A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.","modified":"2026-04-16T04:32:10.889514523Z","published":"2023-10-25T18:17:43.913Z","related":["ALSA-2024:0897","SUSE-SU-2023:4730-1","SUSE-SU-2023:4731-1","SUSE-SU-2023:4732-1","SUSE-SU-2023:4733-1","SUSE-SU-2023:4734-1","SUSE-SU-2023:4735-1","SUSE-SU-2023:4782-1","SUSE-SU-2023:4783-1","SUSE-SU-2023:4784-1","SUSE-SU-2023:4810-1","SUSE-SU-2023:4811-1","SUSE-SU-2023:4882-1","SUSE-SU-2023:4883-1","SUSE-SU-2024:1358-1","SUSE-SU-2024:1359-1","SUSE-SU-2024:1380-1","SUSE-SU-2024:1382-1","SUSE-SU-2024:1390-1","SUSE-SU-2024:1400-1","SUSE-SU-2024:1405-1","SUSE-SU-2024:1406-1","SUSE-SU-2024:1418-1","SUSE-SU-2024:1493-1","SUSE-SU-2024:1505-1","SUSE-SU-2024:1537-1","SUSE-SU-2024:1545-1","SUSE-SU-2024:1551-1","SUSE-SU-2024:1558-1","SUSE-SU-2024:1581-1","SUSE-SU-2024:1582-1","SUSE-SU-2024:1596-1","USN-6537-1","USN-6573-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"},{"type":"FIX","url":"https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.2.95"},{"fixed":"3.3"}]},{"events":[{"introduced":"3.16.50"},{"fixed":"3.17"}]},{"events":[{"introduced":"4.4"},{"fixed":"4.14.328"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.297"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.4.259"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.199"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.137"}]},{"events":[{"introduced":"5.16"},{"fixed":"6.1.60"}]},{"events":[{"introduced":"6.2"},{"fixed":"6.5.9"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6-rc5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6-rc6"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5717.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}